10.6. Signing a message with JavaScript

Certain actions – which go to the blockchain – need to be signed by the private key. As described elsewhere, the signer first needs to obtain a challenge, for example:

curl -s -L -X POST "https://cargox.digital/api/v3/blockchain/login-challenge/"

Response:

{"challenge":"1ZVoa3m5gtZE6veXQQOGKEpRG6M"}

This challenge is then signed using SHA-3 and user’s private key. The easiest way to sign the message is using the Web3 javascript library.

The following command is used to invoke the private key container (e.g. a hardware wallet, MetaMask or in-memory private key):

• JavaScript

  web3.eth.personal.sign(
      web3.utils.sha3(challenge_string),
      accounts[0],
      function (e, signature) { ... }
  )
  

You can find a working example of signing a message using a Trezor hardware wallet at their GitHub page.